Posted to dev@jspwiki.apache.org by Janne Jalkanen <Ja...@ecyrd.com> on 2008/08/16 12:57:12 UTC
VOTE: Release JSPWiki 2.6.4
Folks,
due to some security issues which have cropped up recently (mostly
bad file uploads and XSS attacks), I decided to build JSPWiki 2.6.4
with the latest security fixes. The release artifacts (= fancy way
of saying the bin, zip and signature files) are available at
http://www.ecyrd.com/~jalkanen/JSPWiki/2.6.4/
Again, this is a JSPWiki LGPL release, not endorsed by Apache, but
let's do this the Apache way to practice :-). Please download, check
that the build is okay, and vote on this list. The vote is open for
72 hours (=ends on Tuesday, August 19th, 11:00 UTC.)
The ChangeLog is included below for your perusal.
2008-08-16 Janne Jalkanen <ja...@apache.org>
* 2.6.4-rc-1
* JSPWIKI-319: Change Note extra checks.
2008-07-16 Andrew Jaquith <ajaquith AT apache DOT org>
* 2.6.4-svn-1
* JSPWIKI-315: added extra checks to AttachmentServlet.
/Janne
Re: VOTE: Release JSPWiki 2.6.4
Posted by Janne Jalkanen <Ja...@ecyrd.com>.
Nope. BTW, it's currently running live on www.jspwiki.org.
/Janne
On 16 Aug 2008, at 21:34, Harry Metske wrote:
> +1
>
> - downloaded
> - checked gpg key
> - unzipped
> - unjarred the war file to the webapps/JSPWiki dir (not drop the war file,
> that piece of doc should be changed in 2.8)
> - took me some time to get the "old" jaas working again :-)
> - tested a couple of functions like Edit, Preview, Diff, Login, Logout,
> Prefs, Create/Delete/Rename pages
> - tested a couple of plugins
> - tested for both fixes (ok)
>
> Have I forgotten any important things ?
>
> regards,
> Harry
>
>
> 2008/8/16 Janne Jalkanen <Ja...@ecyrd.com>
>
>> Folks,
>>
>> due to some security issues which have cropped up recently (mostly bad file
>> uploads and XSS attacks), I decided to build JSPWiki 2.6.4 with the latest
>> security fixes. The release artifacts (= fancy way of saying the bin, zip
>> and signature files) are available at
>>
>> http://www.ecyrd.com/~jalkanen/JSPWiki/2.6.4/
>>
>> Again, this is a JSPWiki LGPL release, not endorsed by Apache, but let's do
>> this the Apache way to practice :-). Please download, check that the build
>> is okay, and vote on this list. The vote is open for 72 hours (=ends on
>> Tuesday, August 19th, 11:00 UTC.)
>>
>> The ChangeLog is included below for your perusal.
>>
>> 2008-08-16 Janne Jalkanen <ja...@apache.org>
>>
>> * 2.6.4-rc-1
>>
>> * JSPWIKI-319: Change Note extra checks.
>>
>> 2008-07-16 Andrew Jaquith <ajaquith AT apache DOT org>
>>
>> * 2.6.4-svn-1
>>
>> * JSPWIKI-315: added extra checks to AttachmentServlet.
>>
>>
>> /Janne
>
>
>
>
> --
> met vriendelijke groet,
> Harry Metske
> Telnr. +31-548-512395
> Mobile +31-6-51898081
Re: VOTE: Release JSPWiki 2.6.4
Posted by Harry Metske <ha...@gmail.com>.
+1
- downloaded
- checked gpg key
- unzipped
- unjarred the war file to the webapps/JSPWiki dir (not drop the war file,
that piece of doc should be changed in 2.8)
- took me some time to get the "old" jaas working again :-)
- tested a couple of functions like Edit, Preview, Diff, Login, Logout,
Prefs, Create/Delete/Rename pages
- tested a couple of plugins
- tested for both fixes (ok)
Have I forgotten any important things ?
regards,
Harry
2008/8/16 Janne Jalkanen <Ja...@ecyrd.com>
> Folks,
>
> due to some security issues which have cropped up recently (mostly bad file
> uploads and XSS attacks), I decided to build JSPWiki 2.6.4 with the latest
> security fixes. The release artifacts (= fancy way of saying the bin, zip
> and signature files) are available at
>
> http://www.ecyrd.com/~jalkanen/JSPWiki/2.6.4/
>
> Again, this is a JSPWiki LGPL release, not endorsed by Apache, but let's do
> this the Apache way to practice :-). Please download, check that the build
> is okay, and vote on this list. The vote is open for 72 hours (=ends on
> Tuesday, August 19th, 11:00 UTC.)
>
> The ChangeLog is included below for your perusal.
>
> 2008-08-16 Janne Jalkanen <ja...@apache.org>
>
> * 2.6.4-rc-1
>
> * JSPWIKI-319: Change Note extra checks.
>
> 2008-07-16 Andrew Jaquith <ajaquith AT apache DOT org>
>
> * 2.6.4-svn-1
>
> * JSPWIKI-315: added extra checks to AttachmentServlet.
>
>
> /Janne
--
met vriendelijke groet,
Harry Metske
Telnr. +31-548-512395
Mobile +31-6-51898081
Re: VOTE: Release JSPWiki 2.6.4
Posted by Janne Jalkanen <Ja...@ecyrd.com>.
Excellent, thank you. :-)
With four +1 votes, the 2.6.4 release passes and is now available
from the usual place.
/Janne
On Aug 22, 2008, at 20:46 , Dirk Frederickx wrote:
> +1 for 2.6.4
> dirk
>
> On Fri, Aug 22, 2008 at 2:45 PM, Andrew Jaquith <an...@me.com> wrote:
>> +1 from me :)
>>
>> On Aug 22, 2008, at 4:08 AM, Janne Jalkanen <Ja...@ecyrd.com>
>> wrote:
>>
>>>
>>> Folks,
>>>
>>> I got exactly one +1 for this release from Harry. Counting my own, that
>>> amounts to +2.
>>>
>>> Since we didn't get three +1s, a consensus is not achieved, the release is
>>> not done, and we will leave 2.6.3 as the final 2.6 version with horrendous
>>> security bugs still open.
>>>
>>> This OK with everyone?
>>>
>>> /Janne
>>>
>>> On 16 Aug 2008, at 13:57, Janne Jalkanen wrote:
>>>
>>>> Folks,
>>>>
>>>> due to some security issues which have cropped up recently (mostly bad
>>>> file uploads and XSS attacks), I decided to build JSPWiki 2.6.4 with the
>>>> latest security fixes. The release artifacts (= fancy way of saying the
>>>> bin, zip and signature files) are available at
>>>>
>>>> http://www.ecyrd.com/~jalkanen/JSPWiki/2.6.4/
>>>>
>>>> Again, this is a JSPWiki LGPL release, not endorsed by Apache, but let's
>>>> do this the Apache way to practice :-). Please download, check that the
>>>> build is okay, and vote on this list. The vote is open for 72 hours (=ends
>>>> on Tuesday, August 19th, 11:00 UTC.)
>>>>
>>>> The ChangeLog is included below for your perusal.
>>>>
>>>> 2008-08-16 Janne Jalkanen <ja...@apache.org>
>>>>
>>>> * 2.6.4-rc-1
>>>>
>>>> * JSPWIKI-319: Change Note extra checks.
>>>>
>>>> 2008-07-16 Andrew Jaquith <ajaquith AT apache DOT org>
>>>>
>>>> * 2.6.4-svn-1
>>>>
>>>> * JSPWIKI-315: added extra checks to AttachmentServlet.
>>>>
>>>>
>>>> /Janne
>>>
>>
Re: VOTE: Release JSPWiki 2.6.4
Posted by Dirk Frederickx <di...@gmail.com>.
+1 for 2.6.4
dirk
On Fri, Aug 22, 2008 at 2:45 PM, Andrew Jaquith <an...@me.com> wrote:
> +1 from me :)
>
> On Aug 22, 2008, at 4:08 AM, Janne Jalkanen <Ja...@ecyrd.com>
> wrote:
>
>>
>> Folks,
>>
>> I got exactly one +1 for this release from Harry. Counting my own, that
>> amounts to +2.
>>
>> Since we didn't get three +1s, a consensus is not achieved, the release is
>> not done, and we will leave 2.6.3 as the final 2.6 version with horrendous
>> security bugs still open.
>>
>> This OK with everyone?
>>
>> /Janne
>>
>> On 16 Aug 2008, at 13:57, Janne Jalkanen wrote:
>>
>>> Folks,
>>>
>>> due to some security issues which have cropped up recently (mostly bad
>>> file uploads and XSS attacks), I decided to build JSPWiki 2.6.4 with the
>>> latest security fixes. The release artifacts (= fancy way of saying the
>>> bin, zip and signature files) are available at
>>>
>>> http://www.ecyrd.com/~jalkanen/JSPWiki/2.6.4/
>>>
>>> Again, this is a JSPWiki LGPL release, not endorsed by Apache, but let's
>>> do this the Apache way to practice :-). Please download, check that the
>>> build is okay, and vote on this list. The vote is open for 72 hours (=ends
>>> on Tuesday, August 19th, 11:00 UTC.)
>>>
>>> The ChangeLog is included below for your perusal.
>>>
>>> 2008-08-16 Janne Jalkanen <ja...@apache.org>
>>>
>>> * 2.6.4-rc-1
>>>
>>> * JSPWIKI-319: Change Note extra checks.
>>>
>>> 2008-07-16 Andrew Jaquith <ajaquith AT apache DOT org>
>>>
>>> * 2.6.4-svn-1
>>>
>>> * JSPWIKI-315: added extra checks to AttachmentServlet.
>>>
>>>
>>> /Janne
>>
>
Re: VOTE: Release JSPWiki 2.6.4
Posted by Andrew Jaquith <an...@me.com>.
+1 from me :)
On Aug 22, 2008, at 4:08 AM, Janne Jalkanen <Ja...@ecyrd.com>
wrote:
>
> Folks,
>
> I got exactly one +1 for this release from Harry. Counting my own,
> that amounts to +2.
>
> Since we didn't get three +1s, a consensus is not achieved, the
> release is not done, and we will leave 2.6.3 as the final 2.6
> version with horrendous security bugs still open.
>
> This OK with everyone?
>
> /Janne
>
> On 16 Aug 2008, at 13:57, Janne Jalkanen wrote:
>
>> Folks,
>>
>> due to some security issues which have cropped up recently (mostly
>> bad file uploads and XSS attacks), I decided to build JSPWiki 2.6.4
>> with the latest security fixes. The release artifacts (= fancy way
>> of saying the bin, zip and signature files) are available at
>>
>> http://www.ecyrd.com/~jalkanen/JSPWiki/2.6.4/
>>
>> Again, this is a JSPWiki LGPL release, not endorsed by Apache, but
>> let's do this the Apache way to practice :-). Please download,
>> check that the build is okay, and vote on this list. The vote is
>> open for 72 hours (=ends on Tuesday, August 19th, 11:00 UTC.)
>>
>> The ChangeLog is included below for your perusal.
>>
>> 2008-08-16 Janne Jalkanen <ja...@apache.org>
>>
>> * 2.6.4-rc-1
>>
>> * JSPWIKI-319: Change Note extra checks.
>>
>> 2008-07-16 Andrew Jaquith <ajaquith AT apache DOT org>
>>
>> * 2.6.4-svn-1
>>
>> * JSPWIKI-315: added extra checks to AttachmentServlet.
>>
>>
>> /Janne
>
Re: VOTE: Release JSPWiki 2.6.4
Posted by Janne Jalkanen <Ja...@ecyrd.com>.
Folks,
I got exactly one +1 for this release from Harry. Counting my own,
that amounts to +2.
Since we didn't get three +1s, a consensus is not achieved, the
release is not done, and we will leave 2.6.3 as the final 2.6 version
with horrendous security bugs still open.
This OK with everyone?
/Janne
On 16 Aug 2008, at 13:57, Janne Jalkanen wrote:
> Folks,
>
> due to some security issues which have cropped up recently (mostly
> bad file uploads and XSS attacks), I decided to build JSPWiki 2.6.4
> with the latest security fixes. The release artifacts (= fancy way
> of saying the bin, zip and signature files) are available at
>
> http://www.ecyrd.com/~jalkanen/JSPWiki/2.6.4/
>
> Again, this is a JSPWiki LGPL release, not endorsed by Apache, but
> let's do this the Apache way to practice :-). Please download,
> check that the build is okay, and vote on this list. The vote is
> open for 72 hours (=ends on Tuesday, August 19th, 11:00 UTC.)
>
> The ChangeLog is included below for your perusal.
>
> 2008-08-16 Janne Jalkanen <ja...@apache.org>
>
> * 2.6.4-rc-1
>
> * JSPWIKI-319: Change Note extra checks.
>
> 2008-07-16 Andrew Jaquith <ajaquith AT apache DOT org>
>
> * 2.6.4-svn-1
>
> * JSPWIKI-315: added extra checks to AttachmentServlet.
>
>
> /Janne